Onboard a Sumo Logic App to SSPM
Focus
Focus
SaaS Security

Onboard a Sumo Logic App to SSPM

Table of Contents

Onboard a Sumo Logic App to SSPM

Onboard a Sumo Logic app to SSPM to detect posture risks.
Where Can I Use This?What Do I Need?
  • Strata Cloud Manager
  • SaaS Security Posture Management license
Or any of the following licenses that include the Data Security license:
  • CASB-X
  • CASB-PA
For SSPM to detect posture risks in your Sumo Logic instance, you must onboard your Sumo Logic instance to SSPM. Through the onboarding process, SSPM connects to a Sumo Logic API by using an access key that you generate as the Sumo Logic account owner. After connecting to the Sumo Logic API, SSPM scans your Sumo Logic instance for misconfigured settings and account risks.
The supported Sumo Logic account plan for SSPM scans is the Enterprise plan.
To access your Sumo Logic instance, SSPM requires the following information, which you will specify during the onboarding process.
ItemDescription
Admin Access ID
One of the programmatic credentials that SSPM will use to access the Sumo Logic API, analogous to a user ID. It's a unique alphanumeric string that identifies the access key pair.
Admin Access Key
One of the programmatic credentials that SSPM will use to access the Sumo Logic API, analogous to a password. Sumo Logic uses it to authenticate API requests from SSPM.
Endpoint region
The region where Sumo Logic is hosting your data.
To onboard your Sumo Logic instance, you complete the following actions:
  1. Generate a Sumo Logic access key and copy its credentials.
    1. Identify the Sumo Logic account that you will use to generate the access key.
      Required Permissions: You must generate the access key from the account that is designated the Sumo Logic account owner. This is either the user who registered the account, or was later designated the account owner.
    2. Log in to Sumo Logic as the account owner.
    3. Navigate to your Sumo Logic preferences.
      To navigate to your preferences, locate your profile icon in the upper-right corner of the Sumo Logic page, and select <profile-icon> Preferences.
    4. Select the Personal Access Keys tab and Add Access Key.
    5. In the Add New Access Key window, specify a name for your access key. This name will appear in the list of your personal access keys, so give it a meaningful name, such as SSPM Integration.
    6. Under Scopes, select the Custom option.
      By default, the access key will inherit the permissions of the user who creates it. Because we are creating the key as the Account Owner, who has the highest level of administrative privileges, you should explicitly limit the access key's permissions to the minimum permissions that SSPM requires. Specify the following custom scopes:
      • Access Keys - View
      • Access Keys - Manage
      • Users And Roles - View
      • Users And Roles - Manage
      • Content admin
      • Manage Library
      • Run Log Search - View/Manage
      • View Collectors
      • View Security Settings
      • View Account Status
    7. Save your key.
      Sumo Logic generates the key and displays its credentials (Access ID and Access Key).
    8. Copy the Access ID and Access Key and paste them into a text file.
      Don’t continue to the next step unless you have copied the Access ID and Access Key. You will provide this information to SSPM during the onboarding process.
  2. Identify your Sumo Logic endpoint region.
    Use the following table to determine your region based on your login URL.
    URLRegion
    api.au.sumologic.com
    AU (Australia)
    api.ca.sumologic.com
    CA (Canada)
    service.de.sumologic.com
    DE Germany
    service.eu.sumologic.com
    EU (European Union)
    service.fed.sumologic.com
    FED (US Government)
    service.in.sumologic.com
    IN (India)
    service.jp.sumologic.com
    JP (Japan)
    service.sumologic.com
    US1 (United States)
    service.us2.sumologic.com
    US2 (United States)
  3. Connect SSPM to your Sumo Logic instance.
    In SSPM, complete the following steps to enable SSPM to connect to your Sumo Logic instance.
    1. Log in to Strata Cloud Manager.
    2. Select ManageConfigurationSaaS SecurityPosture SecurityApplicationsAdd Application and click the Sumo Logic tile.
    3. On the Posture Security tab, Add New instance.
    4. Log in with Credentials.
    5. Enter the credentials for your access key (Access ID and Access Key) and the endpoint region.
    6. Connect.